CVE-2024-54931
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Dec 9, 2024
Updated: Dec 11, 2024
CWE ID 89
Summary
CVE-2024-54931 is a SQL Injection vulnerability affecting the kashipara E-learning Management System version 1.0. The issue resides in the /admin/delete_event.php file, where the id parameter is not properly sanitized. This allows remote attackers to inject malicious SQL commands, thereby gaining unauthorized access to the database. Successful exploitation could lead to data theft, modifications, or even system compromise. It is crucial for users to apply the necessary patches or updates to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- E-Learning Management System
Affected Vendors
- Kashipara